JOINT SUPERVISORY AUTHORITY: SECOND ANNUAL REPORT
The Joint Supervisory Authority (JSA), the Schengen countries' joint data protection authority, has presented its second Annual Report. The report expresses satisfaction with the increased recognition of the JSA's autonomy and of its role in upholding the rights and freedoms of individuals regarding data protection. However, there is little substantive information in the report to suggest that data protection in the Schengen framework has really become more effective.
"The JSA's important role was recognized by the Schengen decision-making bodies: it was granted its own budget(...), it began to receive on a more regular basis the information it required in order to carry out its duties, and it was asked to deliver opinions over a range of different topics(...)", the preface of the Report notes. It also stresses the "significant progress" made towards achieving "greater transparency in the way the system works and in providing information to the public". But this assessment seems to be tainted by the expedient optimism of the Schengen data protection commissioners. In fact, they are fighting an up-hill battle against Schengen's "decision-making bodies" in seeking to obtain the powers and the organisational, technical and financial means necessary to ensure the satisfactory control of data processing and exchange within the Schengen framework.
Lack of authority As a matter of fact, the 1990 Schengen Implementing Agreement (SIA) does not convey any of these powers or means to the JSA. Although it is tasked with ensuring the correct application of Schengen rules on data protection, it has no power to sanction breaches of these rules. Thus, the JSA's role is limited to giving "opinions" and "advice", and to making "recommendations". In gathering information necessary for carrying out its tasks, the JSA is completely dependent of the various Schengen bodies' willingness to cooperate. This deficiency inherent in the SIA is highlighted by the three Nordic data protection commissioners, who are attending JSA meetings as observers pending their countries' full Schengen membership. In a declaration attached to the report they note that "it is of greatest importance that the advice and opinions given [by the JSA] are observed and respected by the central as well as the national bodies in the Schengen system....The Nordic observers are of the opinion that the JSA may need to have its economic resources strengthened in the future. They see an immediate need to further strengthen the administrative capacity of the secretariat but will also not exclude the need for more formal authority".
Schengen bodies and member states ignore JSA demands
More clearly than the Report itself, the Nordic declaration suggests that the problems, well-described in the JSA's first Annual Report (see FECL No. 51: "Schengen data protection authority: no phone number, no secretariat, no powers"), still remain. In that report, the JSA complained about the lack of respect and cooperation shown by various Schengen bodies. Among others examples, it mentioned the eviction by French security of JSA-inspectors from the site of the central SIS-support (C-SIS) in Strasbourg, in October 1996. At that time, the JSA made a confidential technical report on the inspection which was sent to the Schengen Central Group and the Schengen Executive Committee. As regards these bodies’ response, the second Report notes dryly: "The latter were asked to check to what extent the recommendations on securing the SIS made by the JSA could be acted upon. Almost two years after the inspection, the official Schengen bodies have still not informed the JSA on the action they intend to take to further its recommendations".
During 1997, representatives of the French Interior Ministry (responsible for the C-SIS) and of the JSA drew up draft conditions governing future inspections of the C-SIS. However, the majority of the members of the JSA agreed that the draft "ignored the independent status of their Authority" and it was decided to start new discussions with the French Interior Ministry.
JSA Opinions
During the period (March 1997 - March 1998) covered by the second report, the JSA presented seven Opinions:
on the "trafficking of stolen vehicles" Pilot Project (Schengen Working group I on Police and Security);
on the Cooperation Agreement on the processing of road traffic offences;
on copying SIS data;
on archiving documents after they have been deleted;
on entering an alert in the SIS on individuals whose identity has been usurped;
on the possibility of linking the SIS and an Interpol database, in connection with the "stolen vehicles" project; and
on the interpretation of Article 103, SIA: checking whether SIS searches are acceptable or not.
Opinion 1 and 2 were taken into account by the Schengen bodies concerned.
The problem of duplicated files
Opinion 3 deals with problems related to the use of duplicated SIS-files (e.g. CD-ROM copies), in particular by the Schengen countries' diplomatic and consular representations. The use of copies by consulates in deciding on visa applications raises questions related to the updating of duplicated information and to the level of security of transmission to offices located outside the Schengen territory. The use of duplication aids entails the risk that data available to consulates are not identical with the data in the SIS. The JSA therefore "urged" the Contracting parties:
to carry out a real-time check (network, telephone, fax) to confirm the accuracy of information where an alert exists for an individual in the duplicated aid used;
to accept responsibility for an individual where no alert exists in the duplicated aid used, in the event that an alert for the person concerned has been issued in the meantime.
At the time of writing of the Report, the JSA was still awaiting information on the specific measures taken to ensure data security in connection with the use of duplicated SIS-files. This information, however, is necessary for the JSA to check whether the practice of the member states complies with its interpretation of the SIA.
SIRENE Manual in breach of the Convention?
Opinion 4 deals with the practice of certain member states (including Germany) of keeping data transmitted by other member states in connection with the exchange of complementary information relating to SIS-alerts, even after the alerts concerned have been deleted in the SIS, to compile national criminal files. This means that individuals who have been reported to the SIS can never be sure that their personal data exchanged between the authorities of the member states as a result of their being registered in the SIS are not kept for further use by some member states, even once the reason for their registration in the SIS has ceased to exist.
In fact, as a rule, Article 102.1 SIA prohibits the use of data obtained via the SIS for purposes other than those entailing an alert. In its Opinion the JSA stated that "data may be supplied and used solely for the purposes laid down by the alert itself". Article 112 SIA states that personal data saved in the SIS for the purpose of locating persons shall be stored no longer than is necessary for the intended purpose. The JSA is of the opinion that "[these] basic principles shall apply by way of a complementary interpretation of legally binding text to all types of data processing relating either directly or indirectly to alerts in the SIS" (our italics). This means that even so-called "supplementary information" exchanged between the SIRENE bureaux (which can be far more comprehensive and sensitive than the personal data stored in the SIS) should be deleted, once a person is no longer reported to the SIS.
In justifying their keeping SIS-related data for other purposes, the member states concerned have invoked a provision of the (confidential) SIRENE Manual (Point 2.1.3.b), according to which the storage and further use of supplementary information obtained via the SIS is governed by national data protection law.
In view of the above, the JSA "believes the following measures should be taken":
After an alert has been deleted, every Contracting party "shall destroy all its accompanying documents immediately";
"the Schengen bodies shall revise the SIRENE Manual with a view to deleting the provisions under 2.1.3.b) which contravenes the Schengen Convention".
The JSA has, earlier, urged the Schengen bodies to put the SIRENE network (which is not even mentioned in the Schengen Convention) on a legal basis... so far, without any response. One may therefore doubt that the same bodies are in a particular hurry to revise the SIRENE Manual, as timidly suggested by the JSA. In an answer to a question from a member of the Bundestag, the German government has already made it very clear that it has no intention of departing from its current practice.
The problem of usurped identities
Opinion 5 deals with so called "impersonations", i.e. SIS-alerts for persons who have usurped someone else's identity. In these cases the system contains an alert with an identity which corresponds neither de facto nor de jure to the real identity of the wanted person, and the identity of the person who has been impersonated is entered into the SIS without this person receiving any prior information. In most states, alerts on impersonated individuals are kept in the SIS. For the time being, it is not possible to specify in the SIS that the alert concerns a usurped identity.
Some states are in favour of immediate deletion of personal data relating to persons who have been impersonated. The JSA Opinion is more cautious. It recommends that entry of data concerning impersonated individuals in the SIS be governed by national law and that the question as to whether an alert on an impersonated individual should be kept in the SIS should be "evaluated in accordance with the proportionality principle, with consideration given on the one hand to the rights of the person whose identity has been usurped and on the other to the need to detect the impersonator". It is believed that the "second generation" SIS, SIS II, will allow a specification of alerts concerning usurped identities. Pending the new system's entry into operation, the JSA "would be willing to cooperate to help" find a solution so as to indicate that the alert is on an usurped identity.
Checking the admissibility of entries in the SIS
Opinion 7 addresses the difficulties encountered in implementing Article 103 SIA. According to this provision, every tenth transmission (on average) of personal data should be recorded in each national SIS unit (N-SIS) for the purposes of checking the admissibility of the entry or search. In the view of the JSA, logging a representative average number of times the system is consulted constitutes an appropriate means of preventing unauthorised access. Considering that member states interpret Article 103 SIA differently, the JSA insists that while the minimum requirement of recording 10 per cent of data transmissions can also be met by recording at regular intervals, the log must be sufficiently representative of all consultations, regardless of the outcome was a hit or a negative response. The report says nothing about whether this demand has been met by the member states and whether the JSA and the national data protection authorities concerned have the means to effectively monitor the correct implementation of Article 103.
JSA Action Programme: wishful thinking?
The final chapter of the Report summarises the JSA's Action Programme adopted in February 1998. Quoting from the Report: "Special attention will be paid to the measures taken by the Schengen decision-making bodies in response to JSA opinions and recommendations, in particular where C-SIS security is concerned. Indeed, although both Schengen Presidencies in 1997 instructed the technical groups to examine the JSA's recommendations, the JSA feels that this issue has not yet been accorded the priority it deserves...The JSA would like Schengen bodies to inform it very quickly of the action they intend to take to further its recommendations. This applies in particular to the JSA's request for a special user account to facilitate checks".
This last remark is particularly revealing of the JSA's remarkable lack of authority. The first Annual Report (March 1997) complained about the astonishing fact that the JSA, that is, the authority officially charged with controlling the correct functioning and use of the SIS, had no "user" access to the C-SIS, i.e. had no possibility of direct access to the system. It now appears from the second JSA Report that this fundamental and self-evident demand from the JSA has still not been met...
Little specific information in the Report
Considering this and many other obstacles preventing the JSA from carrying out its task in an effective way, it is not astonishing that apart from general assessments and statements the second Report provides little specific information on the functioning of the SIS and how and to what extent the system affects the rights of people. Thus, one seeks in vain for any statistics, on, for example, the number of innocent persons stopped on the Schengen territory as a result of usurped identity, the total number of individual complaints and information requests handled by national data protection authorities and the JSA, and their outcome.
The report is remarkably low-key on a major incident involving data security - the leak of secret personal files from the SIS from the Belgian SIRENE bureau (see FECL No.52: "Data security scandal: sensitive SIS-files found at railway station"). Does the JSA say so little because it knows so little?
Regrettably, the Report also fails to follow up on some of the very important topics raised in the first report. Thus, the first report strongly criticised the fact that, in blatant breach of the Convention, the data in some of the national SIS units were not identical with the data in the C-SIS. The second Report says nothing about whether this problem has been solved or not. The first Report found that too many officials had so called "super-user" access to the C-SIS, enabling them not only to obtain direct access to the system but also to alter its contents in such a way that the operation cannot be traced. Has the number of "super-users" been since reduced? No answer to this question can be found in the second Report.
Safeguarding individual rights?
Finally, the Report mentions, not without pride, an information leaflet published by the JSA - "a move aimed at fulfilling its obligation to inform the public". The leaflet is to be distributed to travellers at Schengen borders and is meant to give information on the SIS and people's right of access to information stored in the system. However, apart from the addresses and telephone numbers of the JSA and the national data protection authorities, the leaflet provides little information of use to people who get into trouble at a Schengen border or elsewhere on the Schengen territory due to an alert (justified or not) in the SIS, and therefore are in urgent need of immediate assistance.
On the whole, the second Report of the JSA confirms the impression conveyed by the first report: Schengen's joint data protection authorities lack the means and the powers to safeguard individual rights and freedoms affected by the constant growth of police information systems.
Source: Schengen Joint Supervisory Authority: Second Annual Report of the Activities (March 1997 - March 1998).